By itself, the Internet Protocol (IP) provides no inherent security. Both the packet headers (containing, inter alia, source and destination addresses) and the payload data are sent in plain text. Other mechanisms are required in addition to the basic IP protocols in order to provide security. The most widely used security mechanism is IPSec, which consists of a suite of protocols including protocols for negotiating security associations (defining shared secrets) between parties and protocols for encrypting data. IPSec is obligatory for IPv6 but optional for IPv4. IPSec can operate either in Transport Mode or in Tunnel Mode. In the former, only the payload of IP packets is encrypted, whilst in the latter the payload and original IP header are encrypted, with a further outer header being added to allow routing of the packet.
In the case of Tunnel Mode, addition of an IPv6 header will add at least two 128-bit fields to every packet. In the case of IPv4, two 64-bit fields will be added. As well as occupying bandwidth, the additional bits represent a significant overhead, in terms of transceiver power consumption, where packets are transmitted over an air interface. This is especially problematic in the case of battery-powered mobile devices. Furthermore, IPSec is “strict” in terms of compliance, and it does not offer any flexibility with respect to what to encrypt and what not to encrypt. All of the original packet, including the header, must be encrypted.
In the case of Transport Mode, the payload alone must be encrypted. As with Tunnel Mode, Transport Mode offers no flexibility in this regard, e.g. it is not possible to selectively encrypt parts of the packet header.
Prior art security mechanisms are deficient to a large extent in that they may leak information concerning the identity and/or location of a packet sender or receiver. For example, a third party may be able to determine that a stream of packets is associated with the same sender or receiver by observing repeated use of the same source or destination IP address.
U.S. Pat. No. 6,104,811 describes an encryption mechanism that can be applied to secure TCP/IP payload data. A pseudo-random number generator is used to produce a bit string which can be used as a pad for one-time pad encryption of data. One-time pad encryption is a well-known technique for encrypting data exchanged between two parties. It involves making a pad consisting of a string of random numbers available to both parties. The sending party XORs the data to be encrypted with a block of the pad to generate encrypted data, whilst the receiving party can decrypt the encrypted data by XORing the same pad block with the encrypted data. Provided that the pad is not made available to third parties, one-time pad translation provides excellent security.
WO2006084895 describes a mechanism for “cloaking” repetitive or sequential data within IP packet headers which may be used by attackers to link together sequences of packets, for example in order to track movements of a mobile terminal user. The mechanism requires that users share a secret key (e.g. negotiated during the IKE setup phase of IPSec), and that they use this key to generate common sequences of pseudo-random numbers. The sender then replaces each data item to be cloaked with the next value in the random number sequence. The receiver, having access to the same sequence, can identify the position of a received packet within a sequence, and uses a mapping function to replace the cloaked data with the original data.
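The cloaking exchange described above, sketched as an added example that is not code from the cited publication or from this document: the sender replaces a sequential header field with the next value of a shared pseudo-random sequence, and the receiver finds the value's position and maps it back, tolerating reordering and loss while rejecting replays. The HMAC-SHA256 generator, the 32-bit field width, the look-ahead/look-behind window, the key and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac

def seq_value(key: bytes, pos: int) -> int:
    """Value at position `pos` of the shared pseudo-random sequence (32 bits)."""
    mac = hmac.new(key, pos.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")

class Sender:
    def __init__(self, key: bytes):
        self.key, self.pos = key, 0

    def cloak(self) -> int:
        """Return the next sequence value, sent in place of the real field."""
        value = seq_value(self.key, self.pos)
        self.pos += 1
        return value

class Receiver:
    def __init__(self, key: bytes, first_seq: int, window: int = 4):
        self.key, self.first_seq, self.window = key, first_seq, window
        self.next_pos = 0      # one past the highest position accepted so far
        self.seen = set()      # accepted positions still inside the window

    def uncloak(self, value: int):
        """Map a cloaked value back to the original sequence number, or None."""
        lo = max(0, self.next_pos - self.window)
        for pos in range(lo, self.next_pos + self.window):
            if pos in self.seen or seq_value(self.key, pos) != value:
                continue
            self.seen.add(pos)
            self.next_pos = max(self.next_pos, pos + 1)
            floor = self.next_pos - self.window
            self.seen = {p for p in self.seen if p >= floor}
            return self.first_seq + pos   # mapping function: position -> field
        return None  # unknown value, replay, or outside the window

def demo():
    key = b"constructed-demo-key"   # constructed; stands in for the shared secret
    sender, receiver = Sender(key), Receiver(key, first_seq=1000)
    sent = [sender.cloak() for _ in range(6)]
    # Constructed arrival order: reordering, packet 3 lost, packet 2 replayed.
    arrivals = [sent[0], sent[2], sent[1], sent[4], sent[2], sent[5]]
    return sent, [receiver.uncloak(v) for v in arrivals]

if __name__ == "__main__":
    print(demo())
```

An observer sees only the values in `sent`, which carry no visible ordering, whereas the receiver recovers 1000, 1002, 1001, 1004 and 1005 and drops the replayed value.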